3:39 a.m.
Author: shawkins
Date: 2012-06-21 21:39:29 -0400 (Thu, 21 Jun 2012)
New Revision: 4196
Added:
trunk/engine/src/main/resources/META-INF/
trunk/engine/src/main/resources/META-INF/services/
trunk/engine/src/main/resources/META-INF/services/org.teiid.dqp.internal.process.AuthorizationValidator
Modified:
trunk/build/kits/jboss-as7/bin/scripts/teiid-domain-mode-install.cli
trunk/build/kits/jboss-as7/standalone/configuration/standalone-teiid.xml
trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidationVisitor.java
trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidator.java
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPConfiguration.java
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DefaultAuthorizationValidator.java
trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestAuthorizationValidationVisitor.java
trunk/jboss-integration/src/main/java/org/teiid/jboss/TeiidAdd.java
Log:
TEIID-2082 correcting validation of common table expressions and allowing the config to
disable authorization validation
Modified: trunk/build/kits/jboss-as7/bin/scripts/teiid-domain-mode-install.cli
===================================================================
--- trunk/build/kits/jboss-as7/bin/scripts/teiid-domain-mode-install.cli 2012-06-21
19:07:57 UTC (rev 4195)
+++ trunk/build/kits/jboss-as7/bin/scripts/teiid-domain-mode-install.cli 2012-06-22
01:39:29 UTC (rev 4196)
@@ -16,7 +16,7 @@
/profile=ha/subsystem=security/security-domain=teiid-security/authentication=classic:add(login-modules=[{"code"=>"org.jboss.security.auth.spi.UsersRolesLoginModule",
"flag"=>"required",
"module-options"=>[("usersProperties"=>"${jboss.domain.config.dir}/teiid-security-users.properties"),
("rolesProperties"=>"${jboss.domain.config.dir}/teiid-security-roles.properties")]}])
/profile=ha/subsystem=threads/bounded-queue-thread-pool=teiid-async:add(name=teiid-async,
max-threads=4, queue-length=100)
-/profile=ha/subsystem=teiid:add(async-thread-pool=teiid-async,
distributed-cache-jgroups-stack=udp, resultset-cache-infinispan-container=teiid-cache)
+/profile=ha/subsystem=teiid:add(async-thread-pool=teiid-async,
distributed-cache-jgroups-stack=udp, resultset-cache-infinispan-container=teiid-cache,
authorization-validator-module=org.jboss.teiid)
/profile=ha/subsystem=teiid/transport=embedded:add()
/profile=ha/subsystem=teiid/transport=jdbc:add(protocol=teiid, socket-binding=teiid-jdbc,
ssl-mode=login, authentication-security-domain=teiid-security)
/profile=ha/subsystem=teiid/transport=odbc:add(protocol=pg, socket-binding=teiid-odbc,
authentication-security-domain=teiid-security)
Modified: trunk/build/kits/jboss-as7/standalone/configuration/standalone-teiid.xml
===================================================================
--- trunk/build/kits/jboss-as7/standalone/configuration/standalone-teiid.xml 2012-06-21
19:07:57 UTC (rev 4195)
+++ trunk/build/kits/jboss-as7/standalone/configuration/standalone-teiid.xml 2012-06-22
01:39:29 UTC (rev 4196)
@@ -278,7 +278,7 @@
<transport name="odbc" protocol="pg"
socket-binding="teiid-odbc">
<authentication security-domain="teiid-security"/>
</transport>
-
+
<authorization-validator-module>org.jboss.teiid</authorization-validator-module>
<translator name="jdbc-simple"
module="org.jboss.teiid.translator.jdbc"/>
<translator name="jdbc-ansi"
module="org.jboss.teiid.translator.jdbc"/>
<translator name="access"
module="org.jboss.teiid.translator.jdbc"/>
Modified:
trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidationVisitor.java
===================================================================
---
trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidationVisitor.java 2012-06-21
19:07:57 UTC (rev 4195)
+++
trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidationVisitor.java 2012-06-22
01:39:29 UTC (rev 4196)
@@ -22,17 +22,7 @@
package org.teiid.dqp.internal.process;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.LinkedHashMap;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
import org.teiid.CommandContext;
import org.teiid.PolicyDecider;
@@ -53,17 +43,7 @@
import org.teiid.query.metadata.TempMetadataID;
import org.teiid.query.resolver.util.ResolverUtil;
import org.teiid.query.sql.LanguageObject;
-import org.teiid.query.sql.lang.AlterProcedure;
-import org.teiid.query.sql.lang.AlterTrigger;
-import org.teiid.query.sql.lang.AlterView;
-import org.teiid.query.sql.lang.Create;
-import org.teiid.query.sql.lang.Delete;
-import org.teiid.query.sql.lang.Drop;
-import org.teiid.query.sql.lang.Insert;
-import org.teiid.query.sql.lang.Into;
-import org.teiid.query.sql.lang.Query;
-import org.teiid.query.sql.lang.StoredProcedure;
-import org.teiid.query.sql.lang.Update;
+import org.teiid.query.sql.lang.*;
import org.teiid.query.sql.symbol.ElementSymbol;
import org.teiid.query.sql.symbol.Function;
import org.teiid.query.sql.symbol.GroupSymbol;
@@ -298,7 +278,7 @@
Map<String, LanguageObject> procMap = new
LinkedHashMap<String, LanguageObject>();
addToNameMap(((TempMetadataID)metadataID).getOriginalMetadataID(),
symbol, procMap);
validateEntitlements(PermissionType.EXECUTE, auditContext,
procMap);
- } else if (group.isTempTable()) {
+ } else if (group.isTempTable() &&
group.isImplicitTempGroupSymbol()) {
validateTemp(actionCode, group, auditContext);
}
continue;
Modified:
trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidator.java
===================================================================
---
trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidator.java 2012-06-21
19:07:57 UTC (rev 4195)
+++
trunk/engine/src/main/java/org/teiid/dqp/internal/process/AuthorizationValidator.java 2012-06-22
01:39:29 UTC (rev 4196)
@@ -63,7 +63,4 @@
*/
boolean hasRole(String roleName, CommandContext commandContext);
- boolean isEnabled();
-
- void setEnabled(boolean enabled);
-}
+}
\ No newline at end of file
Modified: trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPConfiguration.java
===================================================================
---
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPConfiguration.java 2012-06-21
19:07:57 UTC (rev 4195)
+++
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DQPConfiguration.java 2012-06-22
01:39:29 UTC (rev 4196)
@@ -100,20 +100,6 @@
this.lobChunkSizeInKB = lobChunkSizeInKB;
}
- /**
- * Determine whether role checking is enabled on the server.
- * @return <code>true</code> if server-side role checking is enabled.
- */
- public boolean getUseDataRoles() {
- return this.authorizationValidator != null &&
this.authorizationValidator.isEnabled();
- }
-
- public void setUseDataRoles(boolean useEntitlements) {
- if (this.authorizationValidator != null) {
- this.authorizationValidator.setEnabled(useEntitlements);
- }
- }
-
public int getQueryThresholdInSecs() {
return (int)queryThresholdInMilli/1000;
}
Modified:
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DefaultAuthorizationValidator.java
===================================================================
---
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DefaultAuthorizationValidator.java 2012-06-21
19:07:57 UTC (rev 4195)
+++
trunk/engine/src/main/java/org/teiid/dqp/internal/process/DefaultAuthorizationValidator.java 2012-06-22
01:39:29 UTC (rev 4196)
@@ -68,12 +68,10 @@
return policyDecider;
}
- @Override
public boolean isEnabled() {
return enabled;
}
- @Override
public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
Added:
trunk/engine/src/main/resources/META-INF/services/org.teiid.dqp.internal.process.AuthorizationValidator
===================================================================
---
trunk/engine/src/main/resources/META-INF/services/org.teiid.dqp.internal.process.AuthorizationValidator
(rev 0)
+++
trunk/engine/src/main/resources/META-INF/services/org.teiid.dqp.internal.process.AuthorizationValidator 2012-06-22
01:39:29 UTC (rev 4196)
@@ -0,0 +1 @@
+org.teiid.dqp.internal.process.DefaultAuthorizationValidator
\ No newline at end of file
Modified:
trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestAuthorizationValidationVisitor.java
===================================================================
---
trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestAuthorizationValidationVisitor.java 2012-06-21
19:07:57 UTC (rev 4195)
+++
trunk/engine/src/test/java/org/teiid/dqp/internal/process/TestAuthorizationValidationVisitor.java 2012-06-22
01:39:29 UTC (rev 4196)
@@ -310,9 +310,12 @@
helpTest("SELECT e1 INTO #temp FROM pm1.g1",
RealMetadataFactory.example1Cached(), new String[] {}, RealMetadataFactory.example1VDB(),
exampleAuthSvc1()); //$NON-NLS-1$
helpTest("SELECT e1 INTO #temp FROM pm1.g1",
RealMetadataFactory.example1Cached(), new String[] {"#temp"},
RealMetadataFactory.example1VDB(), exampleAuthSvc2()); //$NON-NLS-1$
helpTest("SELECT e1 INTO #temp FROM pm1.g1",
RealMetadataFactory.example1Cached(), new String[] {}, RealMetadataFactory.example1VDB(),
exampleAuthSvc2(), exampleAuthSvc1()); //$NON-NLS-1$
-
}
+ @Test public void testCommonTable() throws Exception {
+ helpTest("WITH X AS (SELECT e1 from pm1.g2) SELECT e1 from x",
RealMetadataFactory.example1Cached(), new String[] {}, RealMetadataFactory.example1VDB(),
exampleAuthSvc2()); //$NON-NLS-1$
+ }
+
@Test public void testTempTableSelectInto1() throws Exception {
helpTest("SELECT e1, e2 INTO #temp FROM pm1.g1",
RealMetadataFactory.example1Cached(), new String[] {"pm1.g1.e2"},
RealMetadataFactory.example1VDB(), exampleAuthSvc1()); //$NON-NLS-1$ //$NON-NLS-2$
}
Modified: trunk/jboss-integration/src/main/java/org/teiid/jboss/TeiidAdd.java
===================================================================
--- trunk/jboss-integration/src/main/java/org/teiid/jboss/TeiidAdd.java 2012-06-21
19:07:57 UTC (rev 4195)
+++ trunk/jboss-integration/src/main/java/org/teiid/jboss/TeiidAdd.java 2012-06-22
01:39:29 UTC (rev 4196)
@@ -287,22 +287,21 @@
}
else {
DataRolePolicyDecider drpd = new DataRolePolicyDecider();
- drpd.setAllowCreateTemporaryTablesByDefault(true);
- drpd.setAllowFunctionCallsByDefault(true);
policyDecider = drpd;
}
final AuthorizationValidator authValidator;
if (Element.AUTHORIZATION_VALIDATOR_MODULE_ELEMENT.isDefined(operation)) {
authValidator = buildService(AuthorizationValidator.class,
Element.AUTHORIZATION_VALIDATOR_MODULE_ELEMENT.asString(operation));
- authValidator.setEnabled(true);
}
else {
DefaultAuthorizationValidator dap = new DefaultAuthorizationValidator();
- dap.setPolicyDecider(policyDecider);
- dap.setEnabled(true);
+ dap.setEnabled(false);
authValidator = dap;
}
+ if (authValidator instanceof DefaultAuthorizationValidator) {
+ ((DefaultAuthorizationValidator)authValidator).setPolicyDecider(policyDecider);
+ }
ValueService<AuthorizationValidator> authValidatorService = new
ValueService<AuthorizationValidator>(new
org.jboss.msc.value.Value<AuthorizationValidator>() {
@Override